
North Korea’s notorious Lazarus Group continues its crypto laundering operations, moving illicit funds while deploying new malware campaigns targeting developers and crypto founders.
400 ETH Laundered Through Tornado Cash
On March 13, blockchain security firm CertiK detected a 400 ETH deposit (worth approximately $750,000) to Tornado Cash, a popular privacy mixer often used to obfuscate transaction trails. The deposit was traced back to Lazarus Group’s Bitcoin transactions, highlighting the group’s ongoing attempts to launder stolen crypto.
Lazarus Group has been linked to multiple high-profile hacks, including the $1.4 billion Bybit exploit in February. Following such attacks, the group uses various methods to conceal stolen funds, including decentralized exchanges like THORChain, which does not require identity verification.
Reports indicate that within just five days, around $2.91 billion was moved through THORChain, making it significantly harder to track and recover stolen funds.
Expanding Malware Attacks on Developers
In a new wave of attacks, Lazarus Group has published six new malicious packages to the npm (Node Package Manager) registry, which JavaScript developers use widely. According to security firm Socket’s March 11 report, the malware is designed to steal credentials and crypto wallet data.
- One of the malware packages, BeaverTail, mimics legitimate JavaScript libraries using typosquatting, where attackers slightly alter the names of trusted software to deceive developers into downloading it.
- The malware primarily targets stored credentials in Chrome, Brave, and Firefox browsers, as well as Solana and Exodus wallets.
Fake Zoom Calls to Target Crypto Founders
Lazarus Group has also been employing social engineering tactics to compromise crypto founders:
- Hackers pose as venture capitalists and set up fake Zoom meetings.
- They claim to have audio issues and send victims a malicious file as a supposed fix.
- Once downloaded, the malware grants attackers access to sensitive data and crypto wallets.
North Korea’s Crypto Heists Continue to Rise
According to Chainalysis, North Korean hackers stole over $1.3 billion in crypto across 47 attacks in 2024, more than doubling the amount stolen in 2023. With increasing reliance on privacy tools and decentralized exchanges, tracking and recovering stolen funds remains a significant challenge for authorities.
As cyber threats continue to evolve, crypto users, developers, and project founders must remain vigilant and adopt stronger security measures to protect their assets from sophisticated hacking groups like Lazarus.